package com.ebc.eservice.config.security;

import com.ebc.eservice.config.handle.*;
import com.ebc.eservice.config.handle.MyAccessDeniedHandler;
import com.ebc.eservice.config.filter.JwtAuthenticationTokenFilter;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

import javax.annotation.Resource;

/**
 * @author: Joey
 * @Description:
 * @date:2022/9/19 1:13
 */
@Configuration
@EnableWebSecurity
public class WebSecurity extends WebSecurityConfigurerAdapter {

    @Resource
    private MyAccessDeniedHandler myAccessDeniedHandler; //权限
    @Resource
    private MyAuthenticationEntryPoint myAuthenticationEntryPoint;//认证登录
    @Resource
    private MyAuthenticationSuccessHandler successHandler;//登录成功
    @Resource
    private MyAuthenctiationFailureHandler failureHandler;//登录失败
    @Autowired
    private JwtAuthenticationTokenFilter tokenFilter;//自定义认证过滤器


    /**
     * 放行的URL
     */
    public static final String[] AUTH_WHITELIST = {
            "/swagger-ui/**","/swagger-resources/**","/v2/api-docs","/webjars/**", "/swagger-ui.html"
    };
    /**
     *  测试中的URL
     * */
    public static final String[] AUTH_TEST = {
            "/user/login", "/api/**",
            "/system/**","/appCard/**","/app/**",
            "/staffManage/**","/IntroMange/**","/companyExample/**",
            "/appCardManage/**","/appCardExposureAndClient/**",
            "/appCompany/**","/clientManage/**",
            "/home/**"
    };


    /**
     * 定制授权规则
     * */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
                //关闭csrf
                .csrf().disable()//不通过Session获取SecurityContext
                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
                .and()
                .authorizeRequests()
                .antMatchers(AUTH_WHITELIST).permitAll()
                .antMatchers(AUTH_TEST).permitAll()
                .antMatchers("/user/a").hasRole("v3")
                .anyRequest().authenticated();

        http
                .formLogin()
                .successHandler(successHandler)
                .failureHandler(failureHandler);
        //配置异常处理器
        http.exceptionHandling()
                .accessDeniedHandler(myAccessDeniedHandler)
                .authenticationEntryPoint(myAuthenticationEntryPoint);
        //过滤器
        http.addFilterBefore(tokenFilter, UsernamePasswordAuthenticationFilter.class);
        //允许跨域
        http.cors();
    }

    @Bean
    @Override
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    @Bean
    PasswordEncoder passwordEncoder(){
        return new BCryptPasswordEncoder();
    }
}
